<?php

require_once('../../libraryfiles/config.php');

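// Dispatch an account form submission to its handler based on ?action=...
// A failed check redirects to create_account.php with a numeric error code;
// $error receives the matching message text.
$action = isset($_GET['action']) ? $_GET['action'] : '';

// The CAPTCHA passes only when a non-empty code is stored in the session and
// the submitted value is the same string. Both sides are cast to string and
// compared with ===, so PHP's loose-comparison rules (two different
// numeric-looking strings comparing equal, for instance) cannot yield a match.
// NOTE(review): the stored code is not cleared after a successful check here;
// whether a solved code can be reused depends on the code that issues it.
$captchaOk = !empty($_SESSION['security_code'])
        && is_scalar($_SESSION['security_code'])
        && isset($_POST['security_code'])
        && is_scalar($_POST['security_code'])
        && (string) $_SESSION['security_code'] === (string) $_POST['security_code'];

switch ($action) {
    // Register a buyer.
    case 'register_b':
        // field => array(error code, message), checked in this order.
        // (last_name used to be tested twice; the duplicate branch is gone.)
        // NOTE(review): user_pass and confirm_password are each required, but
        // nothing visible in this file compares them with each other.
        $required = array(
            'first_name' => array(1, isset($lang['PLEASE_INPUT_FNAME']) ? $lang['PLEASE_INPUT_FNAME'] : null),
            'last_name' => array(2, 'Please input last name!'),
            'title' => array(3, 'Please input title!'),
            'user_pass' => array(4, 'Please input password!'),
            'confirm_password' => array(5, 'Please input Verify Password!'),
            'mobile' => array(8, 'Please input mobile phone!'),
            'email' => array(9, 'Please input e-mail!'),
            'address' => array(11, 'Please input address!'),
            'txt_state' => array(12, isset($lang['PLEASE_SELECT_PROVINCE']) ? $lang['PLEASE_SELECT_PROVINCE'] : null),
            'selectionDistrict' => array(14, isset($lang['PLEASE_SELECT_DISTRICT']) ? $lang['PLEASE_SELECT_DISTRICT'] : null),
        );

        $failedCode = null;
        foreach ($required as $field => $rule) {
            if (empty($_POST[$field])) {
                list($failedCode, $error) = $rule;
                break;
            }
        }
        if ($failedCode === null && !$captchaOk) {
            $failedCode = 13;
            $error = 'Sorry, you have provided an invalid security code!';
        }
        if ($failedCode !== null) {
            header("Location: create_account.php?error=" . $failedCode);
            exit;
        }

        add_user();
        break;

    // Edit a buyer profile.
    // NOTE(review): no login or anti-CSRF check is visible on this path;
    // Edit_buyer() keys its UPDATE statements on $_SESSION['acc_id'].
    case 'edit_b':
        Edit_buyer();
        break;

    // Register a seller together with the company (pharmacy) data.
    case 'register_s':
        // field => array(error code, message), checked in this order.
        // NOTE(review): add_seller() reads the logo from $_FILES['file_image'],
        // while this check looks at $_POST['file_image']; a plain file input
        // would not populate $_POST - confirm against the form.
        $required = array(
            'fname' => array(1, 'Please input first name!'),
            'lname' => array(2, 'Please input Last name!'),
            'title1' => array(3, 'Please input title!'),
            'pass' => array(4, 'Please input password!'),
            'cpass' => array(5, 'Please input verify password!'),
            'sec_word' => array(6, 'Please input security word!'),
            'cmobile' => array(7, 'Please mobile telephone!'),
            'cphone' => array(8, 'Please mobile phone number!'),
            'uemail' => array(9, 'Please input Email!'),
            'cemail' => array(10, 'Please input verify Email!'),
            'caddress' => array(11, 'Please input your address!'),
            'ccountry' => array(12, 'Please input your country!'),
            'file_image' => array(19, 'Please input your company logo!'),
            'location' => array(20, 'Please input your company location!'),
            'pharmacy_fax' => array(21, 'Please input your company fax number!'),
            'pharmacy_website' => array(23, 'Please input your company website!'),
            'open_hour' => array(24, 'Please input your company open hour!'),
            'close_hour' => array(25, 'Please input your company close hour!'),
            'pharmacy_license' => array(26, 'Please input your company license!'),
            'pharmacy_name' => array(14, 'Please input your company name!'),
            'pharmacy_address' => array(15, 'Please input company Address!'),
            'pharmacy_phone' => array(16, 'Please input company mobile phone!'),
            'pharmacy_email' => array(17, 'Please input company email!'),
        );

        $failedCode = null;
        foreach ($required as $field => $rule) {
            // Missing and empty-string values are rejected; "0" is accepted,
            // as it was with the former == '' / == null tests.
            if (!isset($_POST[$field]) || $_POST[$field] === '') {
                // The message is stored rather than echoed: output sent before
                // header() can prevent the redirect from being issued.
                list($failedCode, $error) = $rule;
                break;
            }
        }
        if ($failedCode === null && !$captchaOk) {
            $failedCode = 13;
            $error = 'Sorry, you have provided an invalid security code!';
        }
        if ($failedCode !== null) {
            header("Location: create_account.php?error=" . $failedCode);
            exit;
        }

        add_seller();
        break;

    // Edit a seller profile.
    // NOTE(review): as for edit_b, no login or anti-CSRF check is visible here.
    case 'edit_s':
        edit_seller();
        break;

    default:
        header("Location: index.php");
        break;
}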

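/**
 * Register a new account from the create-account POST data.
 *
 * Copies the submitted values into the session, refuses an e-mail address that
 * already exists in tbluser (redirect + exit), inserts the user row, inserts a
 * tblpharmacy row when the account type is 2, then sends the activation e-mail
 * and echoes whatever SendEmail::SendMail() returned.
 */
function add_user() {

    // NOTE(review): these values are handed to the project's select()/insert()
    // helpers; whether those helpers escape or bind their arguments is not
    // visible here. $title and $email are passed through unmodified - confirm.
    $first_name = addslashes($_POST['first_name']);
    $last_name = addslashes($_POST['last_name']);
    $title = $_POST['title'];
    $user_pass = addslashes($_POST['user_pass']);
    // NOTE(review): the user type id comes straight from the request and is
    // written to user_type_id below. If any id denotes a privileged role,
    // restrict this to the ids a self-registration may choose.
    $user_type = isset($_POST['accounttype']) ? (int) $_POST['accounttype'] : 0;
    $mobile = addslashes($_POST['mobile']);
    $phone = isset($_POST['phone']) ? addslashes($_POST['phone']) : '';
    $email = $_POST['email'];
    $address = addslashes($_POST['address']);
    $status = '0';
    $newsletter = isset($_POST['newsletter']) ? $_POST['newsletter'] : 0;
    $secret_word = isset($_POST['secret_word']) ? $_POST['secret_word'] : 0;

    // Keep the submitted values in the session.
    // NOTE(review): this stores the plaintext password and its confirmation in
    // the session; drop 'pass'/'cpass' if nothing needs them after this point.
    $_SESSION['fname'] = $_POST['first_name'];
    $_SESSION['lname'] = $_POST['last_name'];
    $_SESSION['title1'] = $_POST['title'];
    $_SESSION['pass'] = $_POST['user_pass'];
    $_SESSION['cpass'] = $_POST['confirm_password'];
    $_SESSION['cmobile'] = $_POST['mobile'];
    $_SESSION['cphone'] = isset($_POST['phone']) ? $_POST['phone'] : null;
    $_SESSION['uemail'] = $_POST['email'];
    $_SESSION['caddress'] = $_POST['address'];
    $_SESSION['txt_state'] = $_POST['txt_state'];
    $_SESSION['selectionDistrict'] = $_POST['selectionDistrict'];

    // Refuse an address that is already registered.
    $where_user = array(
        Tbluser::email => $email
    );
    $string = select(Tbluser::Tbluser, array(Tbluser::email), $where_user);
    if (dbNumRows($string)) {
        header("Location: ../../create_account.php?error=EMAILALEXIST");
        exit();
    }

    $getCodGeneration = generateRandomString();

    // date('d-m-Y h:i:s') used a 12-hour clock with no am/pm marker, so
    // strtotime() read afternoon times as morning ones; time() is the current
    // Unix timestamp directly.
    $now = time();

    $data_user = array(
        Tbluser::first_name => $first_name,
        Tbluser::last_name => $last_name,
        Tbluser::title => $title,
        Tbluser::user_pass => GenPassword($user_pass),
        Tbluser::user_type_id => $user_type,
        Tbluser::mobile => $mobile,
        Tbluser::phone => $phone,
        Tbluser::address => $address,
        Tbluser::email => $email,
        Tbluser::cdate => $now,
        Tbluser::mdate => $now,
        Tbluser::status => $status,
        Tbluser::newsletter => $newsletter,
        Tbluser::secret_word => $secret_word,
        Tbluser::activate => $getCodGeneration,
    );
    if ($user_type == 2) {
        $data_user[Tbluser::account_type_id] = 1;
    }
    $lastid = insert(Tbluser::Tbluser, $data_user);

    if ($user_type == 2) {
        // The previous statement referenced $lastId, $logo and $sorturl, none
        // of which exist in this function, and concatenated raw POST values
        // into the SQL text. Every value is now escaped for the mysql_*
        // connection that mysql_query() uses, and the user id is an integer.
        // assumes insert() returns the id of the new tbluser row - TODO confirm
        $userId = (int) $lastid;

        $pharmacy = array();
        $pharmacyFields = array(
            'pharmacy_name', 'pharmacy_address', 'pharmacy_phone', 'pharmacy_fax',
            'pharmacy_email', 'pharmacy_website', 'open_hour', 'close_hour',
            'pharmacy_license', 'location',
        );
        foreach ($pharmacyFields as $field) {
            $raw = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
            $pharmacy[$field] = mysql_real_escape_string($raw);
        }

        // Short URL: lower-cased pharmacy name with spaces turned into dashes,
        // the same derivation add_seller() uses.
        $rawName = (isset($_POST['pharmacy_name']) && is_scalar($_POST['pharmacy_name'])) ? (string) $_POST['pharmacy_name'] : '';
        $shorturl = mysql_real_escape_string(str_replace(' ', '-', strtolower($rawName)));

        // No logo is uploaded on this path, so pharmacy_image stays empty.
        $query1 = "INSERT INTO tblpharmacy (pharmacy_name, address, phone, fax, email, website, open_hour, close_hour, license, pharmacy_image, user_id, province_id, cdate, mdate, status, shorturl)
                    VALUES(
                        '{$pharmacy['pharmacy_name']}',
                        '{$pharmacy['pharmacy_address']}',
                        '{$pharmacy['pharmacy_phone']}',
                        '{$pharmacy['pharmacy_fax']}',
                        '{$pharmacy['pharmacy_email']}',
                        '{$pharmacy['pharmacy_website']}',
                        '{$pharmacy['open_hour']}',
                        '{$pharmacy['close_hour']}',
                        '{$pharmacy['pharmacy_license']}',
                        '', $userId,
                        '{$pharmacy['location']}',
                        now(),now(),1,
                        '$shorturl'
                    )";
        mysql_query($query1);
    }

    /* send email to confirm */
    include_once S_ROOT . '/libraryfiles/SendEmail.php';
    $transport = new SendEmail();
    $name = $first_name . $last_name;
    $header = 'info.neakporn@gmail.com';
    $subjects = "Psarinternet Activation";
    // NOTE(review): depending on web-server configuration SERVER_NAME can
    // follow the request's Host header, which would let the requester choose
    // the host in the activation link. A configured base URL avoids that.
    $base = "http://" . $_SERVER["SERVER_NAME"];
    $BodyHeader = "ACTIVATE YOUR ACCOUNT NOW!";
    // The e-mail address is user input: URL-encode it as a query value and
    // HTML-escape the finished URL before it goes into the href attribute.
    $activationUrl = $base . '/includefiles/account/confirm.php?confirm=' . rawurlencode($getCodGeneration) . '&id=' . rawurlencode($email);
    $BodyMessage = 'Cliquez sur le lien pour activer votre compte: <a href="' . htmlspecialchars($activationUrl, ENT_QUOTES) . '">Active Now!</a> ';

    // SendMail() receives $BodyMessage only; the full-page HTML template that
    // used to be assembled here was never passed anywhere and is not built.
    $transport = $transport->SendMail($name, $email, $base, $header, $subjects, $BodyHeader, $BodyMessage);
    echo $transport;
    /* end send email to confirm */
}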
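/**
 * Update the logged-in buyer's rows in tbluser and tbluser_profile from the
 * profile POST data, then redirect to the buyer profile page.
 *
 * The rows are selected by $_SESSION['acc_id']; without a positive account id
 * nothing is written.
 */
function Edit_buyer() {

    // The account id is forced to an integer so it cannot change the shape of
    // the WHERE clause, and a request without a logged-in account is refused.
    // NOTE(review): no anti-CSRF token is checked on this state-changing request.
    $accId = isset($_SESSION['acc_id']) ? (int) $_SESSION['acc_id'] : 0;
    if ($accId <= 0) {
        header("Location: " . W_ROOT . "/buyer/profile.php");
        exit;
    }

    // Escape every submitted value for the mysql_* connection used below.
    // Several fields were previously interpolated raw or only passed through
    // addslashes(), which is not an SQL escaping function.
    $v = array();
    $fields = array(
        'first_name', 'last_name', 'user_pass', 'title', 'mobile', 'phone',
        'email', 'region', 'city', 'address', 'country_id', 'zip',
    );
    foreach ($fields as $field) {
        $raw = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
        $v[$field] = mysql_real_escape_string($raw);
    }

    // NOTE(review): user_pass is written exactly as submitted, whereas
    // add_user() stores GenPassword($user_pass) in the same column. Confirm
    // which form the login code expects; a password must not be kept in clear.
    $st_user = "UPDATE tbluser SET first_name='{$v['first_name']}',
                last_name='{$v['last_name']}',
                user_pass='{$v['user_pass']}',
                title='{$v['title']}',
                email='{$v['email']}',
                mobile='{$v['mobile']}',
                phone='{$v['phone']}',
                address='{$v['address']}',
                country_id='{$v['country_id']}'
                WHERE tbluser.id=" . $accId;

    $str_profile = "UPDATE tbluser_profile SET first_name='{$v['first_name']}',
                last_name='{$v['last_name']}',
                email='{$v['email']}',
                mobile='{$v['mobile']}',
                phone='{$v['phone']}',
                region='{$v['region']}',
                address='{$v['address']}',
                city='{$v['city']}',
                zip='{$v['zip']}'
                WHERE
                tbluser_profile.provider=" . $accId;

    mysql_query($st_user);
    mysql_query($str_profile);

    $success = 'You have successfully edit your profile!';
    // URL-encode the message so spaces and punctuation form a valid query value.
    header("Location: " . W_ROOT . "/buyer/profile.php?success=" . urlencode($success));
    exit;
}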

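/**
 * Register a seller: store the uploaded logo, insert the tbluser, tbl_style,
 * tblpharmacy and tbluser_profile rows, then redirect to the e-mail sender.
 *
 * Redirects back to create_account.php when the e-mail address already exists.
 */
function add_seller() {

    $image = uploadPhoto('file_image', 'upload/');
    $logo = mysql_real_escape_string($image['thumbnail']);
    // newsletter is placed unquoted in the INSERT, so it must be an integer.
    $newsletter = isset($_POST['newsletter']) ? (int) $_POST['newsletter'] : 0;

    // Keep the submitted values in the session.
    // NOTE(review): this includes the plaintext password ('pass', 'cpass') and
    // the security word; drop them if nothing reads them after this point.
    $sessionKeys = array(
        'fname', 'lname', 'title1', 'pass', 'cpass', 'sec_word', 'cmobile',
        'cphone', 'uemail', 'cemail', 'caddress', 'ccountry',
        // company data
        'pharmacy_name', 'pharmacy_address', 'pharmacy_phone', 'pharmacy_fax',
        'pharmacy_email', 'pharmacy_website', 'open_hour', 'pharmacy_license',
        'location', 'close_hour',
    );
    foreach ($sessionKeys as $key) {
        $_SESSION[$key] = isset($_POST[$key]) ? $_POST[$key] : null;
    }
    $_SESSION['file_image'] = isset($_FILES['file_image']) ? $_FILES['file_image'] : null;

    // Escape every value that is placed into SQL text below. The statements
    // previously concatenated raw POST data.
    $v = array();
    $sqlFields = array(
        'fname', 'lname', 'title1', 'pass', 'cmobile', 'cphone', 'uemail',
        'caddress', 'ccountry', 'sec_word', 'pharmacy_name', 'pharmacy_address',
        'pharmacy_phone', 'pharmacy_fax', 'pharmacy_email', 'pharmacy_website',
        'open_hour', 'close_hour', 'pharmacy_license', 'location',
    );
    foreach ($sqlFields as $field) {
        $raw = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
        $v[$field] = mysql_real_escape_string($raw);
    }

    $string = "SELECT email FROM tbluser WHERE email='{$v['uemail']}'";
    $result = mysql_query($string);

    if (dbNumRows($result)) {
        $error = 'Sorry, This email have already register!';
        header("Location: create_account.php?error=" . urlencode($error));
        exit;
    }

    // NOTE(review): user_pass receives the password exactly as submitted,
    // whereas add_user() stores GenPassword($user_pass). Confirm which form the
    // login code expects; a password must not be kept in clear.
    $query = "INSERT INTO tbluser(first_name,last_name,title,user_pass,mobile,phone,email,address,cdate,mdate,user_type_id,account_type_id,country_id,status,newsletter, secret_word
                )VALUES(
                    '{$v['fname']}',
                    '{$v['lname']}',
                    '{$v['title1']}',
                    '{$v['pass']}',
                    '{$v['cmobile']}',
                    '{$v['cphone']}',
                    '{$v['uemail']}',
                    '{$v['caddress']}',
                    now(), now(),
                    2,
                    1,
                    '{$v['ccountry']}',
                    0,
                    $newsletter,
                    '{$v['sec_word']}'
                )";
    mysql_query($query);
    $lastId = (int) mysql_insert_id();
    $s_insert = mysql_query("INSERT INTO tbl_style (by_company_id, columns, images,type_img, sitename, site_tagline, timezone, language) VALUE ($lastId, '2col_l', 'no-banner.gif', 1, 'Your site name', 'discription of your site', 'UTC+7','en')");

    // Short URL: lower-cased pharmacy name with spaces turned into dashes.
    $rawName = (isset($_POST['pharmacy_name']) && is_scalar($_POST['pharmacy_name'])) ? (string) $_POST['pharmacy_name'] : '';
    $sorturl = mysql_real_escape_string(str_replace(' ', '-', strtolower($rawName)));

    $query1 = "INSERT INTO tblpharmacy (pharmacy_name, address, phone, fax, email, website, open_hour, close_hour, license, pharmacy_image, user_id, province_id, cdate, mdate, status, shorturl)
                VALUES(
                    '{$v['pharmacy_name']}',
                    '{$v['pharmacy_address']}',
                    '{$v['pharmacy_phone']}',
                    '{$v['pharmacy_fax']}',
                    '{$v['pharmacy_email']}',
                    '{$v['pharmacy_website']}',
                    '{$v['open_hour']}',
                    '{$v['close_hour']}',
                    '{$v['pharmacy_license']}',
                    '$logo',$lastId,
                    '{$v['location']}',
                    now(),now(),1,
                    '$sorturl'
                )";
    mysql_query($query1);

    // Derive the profile gender from the title; any other title leaves it
    // empty ($gender was undefined in that case before).
    $gender = '';
    if ($_POST['title1'] == "Mr.") {
        $gender = "Male";
    } elseif ($_POST['title1'] == "Mrs." || $_POST['title1'] == "Miss.") {
        $gender = "Female";
    }

    $add_to_prfil = "INSERT INTO tbluser_profile (
                        provider,
                        email,
                        first_name,
                        last_name,
                        gender,
                        phone,
                        mobile,
                        address,
                        country)
                    VALUES (
                        '$lastId',
                        '{$v['uemail']}',
                        '{$v['fname']}',
                        '{$v['lname']}',
                        '$gender',
                        '{$v['cphone']}',
                        '{$v['cmobile']}',
                        '{$v['caddress']}',
                        '{$v['ccountry']}' ) ";
    $query_d = mysql_query($add_to_prfil);

    // URL-encode the user-supplied values carried in the redirect.
    header('Location: ' . W_ROOT . '/includefiles/email/send_email.php?email=' . urlencode($_POST['uemail']) . '&fname=' . urlencode($_POST['fname']) . '&lname=' . urlencode($_POST['lname']) . '&id=' . $lastId);
    exit;
}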

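/**
 * Store an uploaded image and a thumbnail of it in $uploadDir.
 *
 * Only files that PHP received as an HTTP upload and that getimagesize()
 * recognises as GIF, JPEG or PNG are accepted. The stored names are generated
 * here and the extension is taken from the detected image type, so neither the
 * client-supplied file name nor its extension reaches the file system.
 *
 * @param string $inputName name of the file field in $_FILES
 * @param string $uploadDir destination directory, with trailing slash
 * @return array 'image' and 'thumbnail' file names; both '' when nothing was stored
 */
function uploadPhoto($inputName, $uploadDir) {
    $nothing = array('image' => '', 'thumbnail' => '');

    if (!isset($_FILES[$inputName]) || !is_array($_FILES[$inputName])) {
        return $nothing;
    }
    $image = $_FILES[$inputName];

    // No file given, upload error, or not a genuine upload.
    if (!isset($image['tmp_name']) || !is_string($image['tmp_name']) || trim($image['tmp_name']) == '') {
        return $nothing;
    }
    if (isset($image['error']) && $image['error'] !== UPLOAD_ERR_OK) {
        return $nothing;
    }
    if (!is_uploaded_file($image['tmp_name'])) {
        return $nothing;
    }

    // Accept only the image types copyImage() can process, and take the
    // extension from the detected type instead of the submitted file name.
    $extensions = array(IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png');
    $info = getimagesize($image['tmp_name']);
    if ($info === false || !isset($extensions[$info[2]])) {
        return $nothing;
    }
    $ext = $extensions[$info[2]];
    $width = $info[0];

    // Generated name: avoids collisions and keeps client text out of the path.
    // NOTE(review): images up to 500px wide are stored byte-for-byte, and
    // getimagesize() reads only the header. Keep script execution disabled for
    // the upload directory in the web-server configuration.
    $imagePath = md5(uniqid(mt_rand(), true)) . ".$ext";

    if ($width > 500) {
        // Wide images are stored scaled down to 500px.
        $result = createThumbnail($image['tmp_name'], $uploadDir . $imagePath, 500);
        $imagePath = $result;
    } else {
        $result = move_uploaded_file($image['tmp_name'], $uploadDir . $imagePath);
    }

    if (!$result) {
        // The image could not be moved or resized.
        return $nothing;
    }

    // Create the thumbnail (100px wide, or a plain copy of a small image).
    $thumbnailPath = md5(uniqid(mt_rand(), true)) . ".$ext";
    $size = getimagesize($uploadDir . $imagePath);
    if ($size !== false && $size[0] > 100) {
        $result = createThumbnail($uploadDir . $imagePath, $uploadDir . $thumbnailPath, 100);
    } else {
        $result = copy($uploadDir . $imagePath, $uploadDir . $thumbnailPath) ? basename($thumbnailPath) : '';
    }

    if (!$result) {
        // Thumbnail creation failed: remove the stored image as well.
        unlink($uploadDir . $imagePath);
        return $nothing;
    }

    return array('image' => $imagePath, 'thumbnail' => $result);
}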

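/**
 * Write a copy of $srcFile scaled to $width pixels wide, keeping the aspect
 * ratio, by delegating to copyImage().
 *
 * @param string $srcFile  path of the source image
 * @param string $destFile path the scaled image is written to
 * @param int    $width    target width in pixels
 * @param int    $quality  JPEG quality passed on to copyImage()
 * @return string base name of the written file, or '' on failure
 */
function createThumbnail($srcFile, $destFile, $width, $quality = 75) {
    $thumbnail = '';

    if (file_exists($srcFile) && isset($destFile)) {
        $size = getimagesize($srcFile);

        // Not a recognisable image, or a zero width: the height below would be
        // a division by zero, so there is nothing to scale.
        if ($size === false || $size[0] <= 0 || $width <= 0) {
            return '';
        }

        $w = (int) round($width);
        $h = (int) round(($size[1] / $size[0]) * $width);
        if ($h < 1) {
            // Very wide sources would otherwise round to a zero-pixel height.
            $h = 1;
        }

        $thumbnail = copyImage($srcFile, $destFile, $w, $h, $quality);
    }

    // copyImage() returns false on failure; report that as ''.
    return $thumbnail ? basename($thumbnail) : '';
}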

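/**
 * Resample $srcFile to $w x $h pixels and write the result to $destFile.
 *
 * The destination must end in .gif, .jpg or .png; a .gif/.jpg destination is
 * renamed to .jpg. GIF and JPEG sources are written as JPEG, PNG sources as
 * PNG.
 *
 * @param string $srcFile  path of the source image (GIF, JPEG or PNG)
 * @param string $destFile path to write to
 * @param int    $w        target width in pixels
 * @param int    $h        target height in pixels
 * @param int    $quality  JPEG quality
 * @return string|false the path actually written, or false on failure
 */
function copyImage($srcFile, $destFile, $w, $h, $quality = 75) {
    $destInfo = pathinfo(strtolower($destFile));
    // A destination without an extension has no 'extension' key.
    $destExt = isset($destInfo['extension']) ? $destInfo['extension'] : '';

    if ($destExt == "gif" || $destExt == "jpg") {
        $destFile = substr_replace($destFile, 'jpg', -3);
    } elseif ($destExt != "png") {
        return false;
    }

    // Reject anything getimagesize() does not recognise before touching GD.
    $size = getimagesize($srcFile);
    if ($size === false) {
        return false;
    }

    switch ($size[2]) {
        case 1:       //GIF
            $src = imagecreatefromgif($srcFile);
            break;
        case 2:       //JPEG
            $src = imagecreatefromjpeg($srcFile);
            break;
        case 3:       //PNG
            $src = imagecreatefrompng($srcFile);
            break;
        default:
            return false;
    }
    // The header can look valid while the image data is not decodable.
    if (!$src) {
        return false;
    }

    $dest = imagecreatetruecolor($w, $h);
    if (!$dest) {
        imagedestroy($src);
        return false;
    }
    imageantialias($dest, TRUE);

    imagecopyresampled($dest, $src, 0, 0, 0, 0, $w, $h, $size[0], $size[1]);

    if ($size[2] == 3) {
        $written = imagepng($dest, $destFile);
    } else {
        $written = imagejpeg($dest, $destFile, $quality);
    }

    // Release both GD images whether or not the write succeeded.
    imagedestroy($src);
    imagedestroy($dest);

    return $written ? $destFile : false;
}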

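/**
 * Update the logged-in seller's rows in tbluser, tbluser_profile and
 * tblpharmacy from the profile POST data, then redirect to the dashboard.
 *
 * The rows are selected by $_SESSION['acc_id']; without a positive account id
 * nothing is written. The stored logo is replaced only when a new one was
 * uploaded.
 */
function edit_seller() {

    // The account id is forced to an integer so it cannot change the shape of
    // the WHERE clauses, and a request without a logged-in account is refused.
    // NOTE(review): no anti-CSRF token is checked on this state-changing request.
    $accId = isset($_SESSION['acc_id']) ? (int) $_SESSION['acc_id'] : 0;
    if ($accId <= 0) {
        header("Location: " . W_ROOT . "/company/dashboard/");
        exit;
    }

    // Escape every submitted value for the mysql_* connection used below.
    // Several fields were previously interpolated raw or only passed through
    // addslashes(), which is not an SQL escaping function.
    $v = array();
    $fields = array(
        'first_name', 'last_name', 'us_pass', 'phone', 'mobile', 'address',
        'email', 'country', 'city', 'zip', 'pharmacy_name', 'pharmacy_address',
        'location', 'pharmacy_phone', 'pharmacy_fax', 'pharmacy_email',
        'pharmacy_website', 'pharmacy_license',
    );
    foreach ($fields as $field) {
        $raw = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
        $v[$field] = mysql_real_escape_string($raw);
    }
    $rawNewsletter = (isset($_POST['newsletter']) && is_scalar($_POST['newsletter'])) ? (string) $_POST['newsletter'] : '0';
    $newsletter = mysql_real_escape_string($rawNewsletter);

    // uploadPhoto() returns an empty thumbnail name when no file was sent or
    // the upload was rejected; in that case the existing logo is kept instead
    // of being overwritten with ''.
    $image = uploadPhoto('logo_image', 'upload/');
    $logoSql = '';
    if ($image['thumbnail'] !== '') {
        $logoSql = "pharmacy_image='" . mysql_real_escape_string($image['thumbnail']) . "',";
    }

    // NOTE(review): user_pass is written exactly as submitted, whereas
    // add_user() stores GenPassword($user_pass) in the same column. Confirm
    // which form the login code expects; a password must not be kept in clear.
    $user_up = mysql_query("UPDATE tbluser SET
                first_name='{$v['first_name']}',
                last_name='{$v['last_name']}',
                user_pass='{$v['us_pass']}',
                address='{$v['address']}',
                mobile='{$v['mobile']}',
                newsletter='$newsletter',
                email='{$v['email']}',
                phone='{$v['phone']}',
                country_id='{$v['country']}'
                WHERE tbluser.id='" . $accId . "'");

    $up_to_prfil = "UPDATE tbluser_profile SET
                email='{$v['email']}',
                first_name='{$v['first_name']}',
                last_name='{$v['last_name']}',
                phone='{$v['phone']}',
                mobile='{$v['mobile']}',
                address='{$v['address']}',
                city='{$v['city']}',
                zip='{$v['zip']}',
                country='{$v['country']}'
                WHERE provider='" . $accId . "'";
    $query_d_up = mysql_query($up_to_prfil);

    $str1 = "UPDATE tblpharmacy SET pharmacy_name='{$v['pharmacy_name']}',
                $logoSql
                address='{$v['pharmacy_address']}',
                province_id='{$v['location']}',
                phone='{$v['pharmacy_phone']}',
                fax='{$v['pharmacy_fax']}',
                email='{$v['pharmacy_email']}',
                website='{$v['pharmacy_website']}',
                license='{$v['pharmacy_license']}'
                WHERE tblpharmacy.user_id=" . $accId;
    mysql_query($str1);

    $success = 'You have successfully edit your profile!';
    // URL-encode the message so spaces and punctuation form a valid query value.
    header("Location: " . W_ROOT . "/company/dashboard/?message=" . urlencode($success) . "&class=success");
    exit;
}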

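/**
 * Build a random string of digits and ASCII letters.
 *
 * add_user() uses the result as the account activation code, so the characters
 * must not be predictable. random_int() draws from the operating system's
 * CSPRNG; rand() is not suitable for security tokens.
 *
 * @param int $length number of characters to generate
 * @return string
 */
function generateRandomString($length = 50) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $maxIndex = strlen($characters) - 1;

    // random_int() exists from PHP 7 (or via a polyfill). On older runtimes
    // the fallback keeps the function working but is NOT cryptographically
    // strong - install a random_int() polyfill there.
    $useCsprng = function_exists('random_int');

    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $index = $useCsprng ? random_int(0, $maxIndex) : mt_rand(0, $maxIndex);
        $randomString .= $characters[$index];
    }
    return $randomString;
}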